diff options
author | Alex Gaynor <alex.gaynor@gmail.com> | 2017-06-04 13:36:58 -0400 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-06-04 07:36:58 -1000 |
commit | 6a0718faddbc7b6b57f86417f6daa468c18ea248 (patch) | |
tree | 624fe16cf368a13cbbd7370b2a4780fa5da76c91 /src/cryptography/hazmat/backends/openssl/decode_asn1.py | |
parent | 140ec5d6e2167692ba5619b368f44a1b07f96a4a (diff) | |
download | cryptography-6a0718faddbc7b6b57f86417f6daa468c18ea248.tar.gz cryptography-6a0718faddbc7b6b57f86417f6daa468c18ea248.tar.bz2 cryptography-6a0718faddbc7b6b57f86417f6daa468c18ea248.zip |
Refs #3461 -- parse SCTs from x.509 extension (#3480)
* Stub API for SCTs, feedback wanted
* grr, flake8
* finish up the __init__
* Initial implementation and tests
* write a test. it fails because computer
* get the tests passing and fix some TODOs
* changelog entry
* This can go now
* Put a skip in this test
* grump
* Removed unreachable code
* moved changelog to the correct section
* Use the deocrator for expressing requirements
* This needs f for the right entry_type
* coverage
* syntax error
* tests for coverage
* better sct eq tests
* docs
* technically correct, the most useless kind of correct
* typo and more details
* bug
* drop __eq__
Diffstat (limited to 'src/cryptography/hazmat/backends/openssl/decode_asn1.py')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/decode_asn1.py | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/decode_asn1.py b/src/cryptography/hazmat/backends/openssl/decode_asn1.py index 282e30f0..ab97dc19 100644 --- a/src/cryptography/hazmat/backends/openssl/decode_asn1.py +++ b/src/cryptography/hazmat/backends/openssl/decode_asn1.py @@ -597,6 +597,21 @@ def _decode_inhibit_any_policy(backend, asn1_int): return x509.InhibitAnyPolicy(skip_certs) +def _decode_precert_signed_certificate_timestamps(backend, asn1_scts): + from cryptography.hazmat.backends.openssl.x509 import ( + _SignedCertificateTimestamp + ) + asn1_scts = backend._ffi.cast("Cryptography_STACK_OF_SCT *", asn1_scts) + asn1_scts = backend._ffi.gc(asn1_scts, backend._lib.SCT_LIST_free) + + scts = [] + for i in range(backend._lib.sk_SCT_num(asn1_scts)): + sct = backend._lib.sk_SCT_value(asn1_scts, i) + + scts.append(_SignedCertificateTimestamp(backend, asn1_scts, sct)) + return x509.PrecertificateSignedCertificateTimestamps(scts) + + # CRLReason ::= ENUMERATED { # unspecified (0), # keyCompromise (1), @@ -751,6 +766,9 @@ _EXTENSION_HANDLERS = { ExtensionOID.ISSUER_ALTERNATIVE_NAME: _decode_issuer_alt_name, ExtensionOID.NAME_CONSTRAINTS: _decode_name_constraints, ExtensionOID.POLICY_CONSTRAINTS: _decode_policy_constraints, + ExtensionOID.PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS: ( + _decode_precert_signed_certificate_timestamps + ), } _REVOKED_EXTENSION_HANDLERS = { |